Forum Discussion

RAQS's avatar
RAQS
Icon for Cirrus rankCirrus
Apr 16, 2020

What happen when we enable HTTP/2 in an existing VIP.

Hi All,

 

Hope you all are doing good!

 

I have BIG-IP LTM module running on 13.1.1.4 version (and its in HA) , which means as per me is that version is 13.1.1 and build is 4 please correct if i am wrong.

 

I have a requirement where i need to enable HTTP/2 for an existing VIP. I was doing google and got to know that if we enable HTTP/2 then the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero .

 

Refer :- https://support.f5.com/csp/article/K94563344

 

As i can not do upgrade right away , so can you please help me with mitigation or workaround to avoid this bug.

Like by anyway can i disable ALPN ? when i enable HTTP/2 or any other steps to mitigate this.

 

Or , we can directly enable HTTP/2 , it will not have an imact.

 

Regards,

Shekhars

  • Actually, you can't on 13.1.1.4, as NPN is no longer supported.

     

    K04412053:  Overview of the BIG-IP HTTP/2 profile

     

    Activation Modes

    ALPN

    Specifies how the BIG-IP system negotiates HTTP/2 protocol. By default, the BIG-IP system accepts Application Layer Protocol Negotiation (ALPN). 

    Beginning in version 13.1.0, the BIG-IP system no longer supports Next Protocol Negotiation (NPN), which is now deprecated and replaced by the industry standard ALPN published as RFC 7301. Prior to BIG-IP 13.1.0, the NPN is accepted by the BIG-IP system.

     

    Sorry - you don't really have any options to safely implement HTTP/2.

4 Replies

  • You don't have too many choices

     

    1) Disable ALPN and rely on NPN, which is deprecated and has limited browser support

     

    2) Enable HTTP/2 with ALPN, and hope that you don't get connections that cause tmm to restart

     

    3) push for an upgrade to 13.1.3.3 before enabling HTTP/2

     

     

    • RAQS's avatar
      RAQS
      Icon for Cirrus rankCirrus

      Hi Blakely,

       

      Thanks for your prompt response.

       

      So coming to option 1 , how we will achieve that in version 13.1.1.4 ==> Steps to do that

       

      Option 2 is like to leave thing on fate and wait & watch.

       

      Option 3 we will do but that will take time.

       

      So, can you please help with Option 1 and how i will perform steps via GUI or CLI.

       

      Regards,

      Shekhars

      • Actually, you can't on 13.1.1.4, as NPN is no longer supported.

         

        K04412053:  Overview of the BIG-IP HTTP/2 profile

         

        Activation Modes

        ALPN

        Specifies how the BIG-IP system negotiates HTTP/2 protocol. By default, the BIG-IP system accepts Application Layer Protocol Negotiation (ALPN). 

        Beginning in version 13.1.0, the BIG-IP system no longer supports Next Protocol Negotiation (NPN), which is now deprecated and replaced by the industry standard ALPN published as RFC 7301. Prior to BIG-IP 13.1.0, the NPN is accepted by the BIG-IP system.

         

        Sorry - you don't really have any options to safely implement HTTP/2.